b83084409598344335bb313288a7034c[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

b83084409598344335bb313288a7034c.bin
Size

344KB
MD5

b83084409598344335bb313288a7034c
SHA1

2a284b54b395f35095b67441bc857718c2b8058c
SHA256

b5ecec0f2840e7b3d9635aa9664d6ab245ccd9516ce02c763c13b6947a596fd1
SHA512

8b7080d2add81c2ce5993b20a9f4f01ea495a335b72fb66db427944d4f340231594371906ce1129a69171bcc9818278d5708515abc984e658656b4ddaf6a3443
SSDEEP

6144:fpQoe8JyCZrOb1uNVO/G+XhfUVZZkrGZoE4aD1kfzftIS+8g8CcjwAxR2pMVIYDs:fpSt0RVsG+XhUVZZkKZP3kfRP+8gujwX

Score

10^/10

vmprotect

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
b83084409598344335bb313288a7034c.bin

Files

b83084409598344335bb313288a7034c.bin
.exe windows:5 windows x86 arch:x86

a3e2ee3c2af2bdd14eeea36d789848d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

sprintf
free
??0bad_typeid@@QAE@PBD@Z
fclose
malloc

expsrv

__vbaFPFix
__vbaNew
rtcRandomize
__vbaVarErrI4
rtcSpaceBstr
__vbaRefVarAry
__vbaVarZero
rtcInputBox
__vbaUI1Sgn
__vbaR8Sgn
rtcVarDateFromVar
rtcFV
rtcLeftCharVar
__vbaVarTstNe
__vbaLateMemCallSt
__vbaVarCmpNe
rtcAppleScript
__vbaStrR8
__vbaFreeStrList
__vbaStrI4
__vbaCyI2
rtcGetTimer
Zombie_Invoke
__vbaFPInt
rtcGetFileAttr
__vbaCyAdd
__vbaR8Str

kernel32

GetUserDefaultLCID
VirtualAlloc
TerminateProcess
GetProcessHeap
HeapAlloc
SetFilePointer
GetACP
HeapFree
QueryPerformanceCounter
lstrcmpW
GetSystemInfo
GetEnvironmentStrings
lstrcmpA
GetTickCount
FileTimeToSystemTime
GetSystemTimeAsFileTime
lstrlenW
GetEnvironmentStringsA
GetModuleHandleA
GetCurrentProcessId
DeleteFileA
GetCurrentThreadId
UnhandledExceptionFilter
IsDebuggerPresent
GetOEMCP
GetCurrentProcess
GetVersion
GetCPInfo
GetLastError
FreeEnvironmentStringsA
SetUnhandledExceptionFilter

psapi

GetMappedFileNameW
GetProcessImageFileNameW
GetDeviceDriverBaseNameW
GetProcessMemoryInfo
GetModuleBaseNameW
QueryWorkingSet
EnumProcesses
EnumProcessModules
GetWsChanges
GetModuleBaseNameA
GetModuleFileNameExA
EnumPageFilesA
GetDeviceDriverFileNameA
InitializeProcessForWsWatch
GetDeviceDriverFileNameW
EnumPageFilesW
GetPerformanceInfo
GetModuleFileNameExW
EnumDeviceDrivers
GetMappedFileNameA

advapi32

RegEnumKeyA
RegQueryValueExA
RegQueryValueW
EqualSid
RegEnumValueA
FreeSid
RegQueryInfoKeyW
OpenThreadToken
GetTokenInformation
RegEnumKeyExW
RegEnumKeyW
RegDeleteKeyW
CredpConvertCredential
RegQueryValueA
RegDeleteValueW
RegSetValueExA
RegSetValueA
RegOpenKeyA
RegEnumValueW
RegQueryValueExW
GetAuditedPermissionsFromAclA
GetLengthSid
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExW
RegFlushKey
RegOpenKeyW
AllocateAndInitializeSid
RegOpenKeyExW
RegEnumKeyExA

Sections

.rdata
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a3e2ee3c2af2bdd14eeea36d789848d9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

expsrv

kernel32

psapi

advapi32

Sections

.rdata Size: 278KB - Virtual size: 278KB

.data Size: 15KB - Virtual size: 38KB

.rsrc Size: 10KB - Virtual size: 10KB

.vmp0 Size: 23KB - Virtual size: 23KB

.vmp1 Size: 16KB - Virtual size: 15KB

.rdata
Size: 278KB - Virtual size: 278KB

.data
Size: 15KB - Virtual size: 38KB

.rsrc
Size: 10KB - Virtual size: 10KB

.vmp0
Size: 23KB - Virtual size: 23KB

.vmp1
Size: 16KB - Virtual size: 15KB